I was offered this rogue installer to test by a forum member. I tested it on Win 7 Home Premium 32-bit in VBox.

It's very interesting. It installs itself without any UAC prompt and opens a fake Action Centre window.

There is a partial bypass when I tried it inside GesWall and the DefenceWall latest beta as untrusted. As long as the malware is running, it will not let you open the original Action Centre window. Rather, it will open a fake Action Centre window.

It's not a big issue in practice, as a system reboot or killing the malware via GesWall/DefenceWall will cure the problem, but it's important in a way, as the Action Centre window is part of explorer.exe (I guess). Explorer.exe is trusted in GesWall and DefenceWall and should not be affected by an untrusted process.
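
One quick way to tell the fake window from the real one, added here as an example and not part of the post above: list every process that owns a window titled "Action Center", with its binary path and Authenticode status. On Windows 7 the real Action Center is a Control Panel page drawn inside an Explorer window, so a window with that title owned by something outside %SystemRoot% or with no valid signature is the one to kill. The English title string and the PowerShell 2.0-compatible property access are assumptions; adjust the pattern for a localised Windows.

```powershell
# Added example, not the poster's code. Run in the guest while the sample is active.
# Assumes an English Windows 7 ("Action Center"); change $pattern for other locales.
$pattern = '*Action Center*'

function Get-ActionCenterWindowOwner {
    param([string]$TitlePattern = $pattern)

    Get-Process |
        Where-Object { $_.MainWindowTitle -like $TitlePattern } |
        ForEach-Object {
            # MainModule can throw "access denied" for protected processes; keep going.
            $path = $null
            try { $path = $_.MainModule.FileName } catch { }

            $sig = 'Unknown'
            if ($path) { $sig = (Get-AuthenticodeSignature -FilePath $path).Status }

            [pscustomobject]@{
                Pid       = $_.Id
                Name      = $_.ProcessName
                Path      = $path
                Signature = $sig          # Valid for Microsoft binaries; NotSigned/HashMismatch is suspicious
                Title     = $_.MainWindowTitle
            }
        }
}

# Expect explorer.exe under %SystemRoot% with a Valid signature for the genuine window.
Get-ActionCenterWindowOwner | Format-Table -AutoSize
```

Run it from an elevated prompt if the rogue process refuses to expose its main module; the point is that the owning process and its signature, not the window's look, decide which Action Center is real.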

hmmmm... A few months ago I tested GesWall with some viruses, adware, a rootkit. Last week I tested it with the Zeus trojan... nothing happened. A couple of days later Kaspersky told me that it had found a Zeus bot in system32. I don't know what to say... could it be the one I tested with GesWall, or something else, from elsewhere?

Doesn't matter if the malware is running or just lying on your PC. As long as GW is watching, it can't do any harm, and it will ask you if it tries to. GW doesn't remove; it blocks its actions through policy.

Hmmm... You are not sure about the origin of the file. Best is to test in a VM and monitor any file creation with a HIPS. Then you can be sure.
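
A scripted stand-in for the "monitor any file creation" step, added as an example and not part of the post above: it logs every file created or renamed under System32 while the sample runs inside the VM, so afterwards you know whether the Zeus bot Kaspersky found was dropped by the tested sample. A HIPS does this at a lower level (and also covers the registry and drivers); an in-guest script can be killed or blinded by the malware, so treat it as a supplement. The log path on the desktop is an assumption.

```powershell
# Added example, not the poster's tool. Start it in the VM before running the sample,
# then press Ctrl+C when the test is over to print the log.
$watchPath = Join-Path $env:SystemRoot 'System32'
$logFile   = Join-Path $env:USERPROFILE 'Desktop\created-files.log'   # assumed log location

$watcher = New-Object System.IO.FileSystemWatcher
$watcher.Path = $watchPath
$watcher.Filter = '*.*'
$watcher.IncludeSubdirectories = $true
$watcher.NotifyFilter = [System.IO.NotifyFilters]'FileName, DirectoryName'
$watcher.EnableRaisingEvents = $true

# Event handler: one timestamped line per change, written to the log passed as MessageData.
$action = {
    $e    = $Event.SourceEventArgs
    $line = '{0:u} {1} {2}' -f (Get-Date), $e.ChangeType, $e.FullPath
    Add-Content -Path $Event.MessageData -Value $line
}

# Watch Renamed as well as Created: droppers often write a temp name and rename it into place.
$subs = @(
    Register-ObjectEvent -InputObject $watcher -EventName Created -SourceIdentifier Sys32Created -Action $action -MessageData $logFile
    Register-ObjectEvent -InputObject $watcher -EventName Renamed -SourceIdentifier Sys32Renamed -Action $action -MessageData $logFile
)

Write-Host "Watching $watchPath. Run the sample now; press Ctrl+C to stop and show the log."
try {
    while ($true) { Start-Sleep -Seconds 1 }
}
finally {
    # PowerShell runs finally on Ctrl+C, so the subscriptions are always cleaned up.
    $subs | ForEach-Object { Unregister-Event -SourceIdentifier $_.Name }
    $watcher.EnableRaisingEvents = $false
    $watcher.Dispose()
    Get-Content $logFile -ErrorAction SilentlyContinue
}
```

Take a VM snapshot before the run and compare the log against a clean baseline; a new executable under System32 with a creation time inside the test window answers the "was it the one I tested?" question directly.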

DefenseWall, with Sandboxie, GesWall or Shadow Defender, to my thinking is about as bulletproof as you can get on a computer.

I usually run just DW, but if I'm going anywhere online other than the forums on which I post, I engage Sandboxie just for that extra protection, even for just checking history sites or research-type places I use. These days, with what's out there, paranoia can be a good thing.

Wrong,

it isn't possible to have both DefenseWall and Sandboxie isolating the same virus sample at the same time.